23 filter, 24 port access control, 1 default system authentication control – Asus GigaX3112 User Manual

84

GigaX3112 Series Layer 3 Managed Switch

5.3.23 Filter

5.3.23.1 deny any host

Use the deny MAC access list configuration command on the switch to prevent

non-IP traffic from being forwarded if the conditions are matched. Use the no form

of this command to remove a deny condition from the named MAC access list.

CLI Syntax: deny any host MACADDR [VLANID]
Example: (config)# deny any host c2f3.220a.12f4 1

5.3.23.2 filter set

This command define an extended MAC access list using a name , and enter

access-list configuration mode.

CLI Syntax: mac access-list extended WORD
Example: (config)# mac access-list extended mac_acl_1

5.3.23.3 filter conditions

This command specify one or more conditions denied or permitted to decide if

the packet is forwarded or dropped.

CLI Syntax: (permit|deny) any any
Example: (config)# permit any any

5.3.23.4 filter attach

This command is used to assign filter rule for specific port.

CLI Syntax: mac access-group WORD in
Example: (config-if)# mac access-group mac_acl_1 in

5.3.24 Port Access Control

5.3.24.1 default system authentication control

This command sets dot1x system authentication control to default.

CLI Syntax: default dot1x system-auth-control
Example: (config)# default dot1x system-auth-control